<?php
session_start();

include '../conn.php';

$uname = $_REQUEST['username'];
$pwd = $_REQUEST['password'];
$sql = "SELECT * FROM user where uname = '" . $uname . "' and pwd = '" . $pwd . "'";
$result = $conn->query($sql);
$uid = '';

if ($result->num_rows > 0) {
    while ($row = $result->fetch_assoc()) {
        // 存储 session 数据
        $uid = $row['id'];
        $_SESSION['uid' . $uid] = $uid;
        $_SESSION['uid'] = $uname;
    }
    echo <<<ETO
    <script>
        location.href='../index.php';
    </script>
    ETO;;
    exit;
} else {
    echo <<<ETO
    <script>
        alert("用户名或密码错误！")
        history.back()
    </script>
ETO;
}
?>
